<?php
/*
 *  This file is part of Urd.
 *
 *  Urd is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 3 of the License, or
 *  (at your option) any later version.
 *  Urd is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program. See the file "COPYING". If it does not
 *  exist, see <http://www.gnu.org/licenses/>.
 *
 * $LastChangedDate: 2008-06-24 23:24:17 +0200 (Tue, 24 Jun 2008) $
 * $Rev: 1228 $
 * $Author: gavinspearhead $
 * $Id: ajax_markread.php 1228 2008-06-24 21:24:17Z gavinspearhead $
 */

define('ORIGINAL_PAGE', $_SERVER['PHP_SELF']);
$__auth = 'silent';

$pathmr = realpath(dirname(__FILE__));
require_once "$pathmr/../functions/html_includes.php";

if (!isset( $_GET['sid']) || ! isset($_GET['cmd']) || !isset($_GET['type']))
	throw new exception ('Parameter missing');

$setID = $_GET['sid'];
$cmd = $_GET['cmd'];
$type = $_GET['type'];


if (!in_array($type, array(USERSETTYPE_GROUP, USERSETTYPE_RSS)))
	throw new exception ('Invalid value');

switch (strtolower($cmd)) {
case 'markread' :
	$res = $db->execute_query("SELECT * FROM usersetinfo WHERE \"userID\" = '$userID' AND \"setID\" = '$setID' AND \"type\" = '$type'");
	if ($res === FALSE) {
		$qry = "INSERT INTO usersetinfo (\"setID\", \"userID\", \"statusread\", \"type\") VALUES ('$setID', '$userID', '1', $type)";
	} else {
		$status = $res[0]['statusread'];
		if ($status) {
			$qry = "UPDATE usersetinfo SET \"statusread\" = 0 WHERE \"setID\" = '$setID' AND \"userID\" = '$userID' AND \"type\" = '$type'";
		} else {
			$qry = "UPDATE usersetinfo SET \"statusread\" = 1 WHERE \"setID\" = '$setID' AND \"userID\" = '$userID AND \"type\" = '$type''";
		}
	}
	$db->execute_query($qry);
	break;
case 'hide' :
	$res = $db->execute_query("SELECT * FROM usersetinfo WHERE \"userID\" = '$userID' AND \"setID\" = '$setID' AND \"type\" = '$type'");
	if ($res === FALSE) {
		$qry = "INSERT INTO usersetinfo (\"setID\", \"userID\", \"statuskill\", \"type\") VALUES ('$setID', '$userID', '1', $type)";
	}else{
		$qry = "UPDATE usersetinfo SET \"statuskill\" = 1 WHERE \"setID\" = '$setID' AND \"userID\" = '$userID' AND \"type\" = '$type'";
	}
	$db->execute_query($qry);
	break;
case 'interesting':
	$res = $db->execute_query("SELECT * FROM usersetinfo WHERE \"userID\" = '$userID' AND \"setID\" = '$setID' AND \"type\" = '$type'");
	if ($res === FALSE) {
		$qry = "INSERT INTO usersetinfo (\"setID\", \"userID\", \"statusint\", \"type\") VALUES ('$setID', '$userID', '1', $type)";
	}else{
		$status = $res[0]['statusint'];
		if ($status == 1) {
			$qry = "UPDATE usersetinfo SET \"statusint\" = 255 WHERE \"setID\" = '$setID' AND \"userID\" = '$userID' AND \"type\" = '$type'";
		} else {
			$qry = "UPDATE usersetinfo SET \"statusint\" = 1 WHERE \"setID\" = '$setID' AND \"userID\" = '$userID' AND \"type\" = '$type'";
		}
	}
	$db->execute_query($qry);
	break;
case 'unhide':
	$res = $db->execute_query("SELECT * FROM usersetinfo WHERE \"userID\" = '$userID' AND \"setID\" = '$setID' AND \"type\" = '$type'");
	if ($res === FALSE) {
		$qry = "INSERT INTO usersetinfo (\"setID\", \"userID\", \"statuskill\", \"type\") VALUES ('$setID', '$userID', '255', $type)";
	}else{
		$qry = "UPDATE usersetinfo SET \"statuskill\" = 255 WHERE \"setID\" = '$setID' AND \"userID\" = '$userID' AND \"type\" = '$type'";
	}
	$db->execute_query($qry);
    break;
case 'wipe':
    $challenge = $_REQUEST['challenge'];
    verify_challenge($challenge);
    if ($isadmin) {
        wipe_sets($db, array($setID), $type, $userID);
    }
    break;
default:
	throw new exception('Command not valid');
	break;
}


?>
